CVE-2015-4949 — Sensitive Information Exposure in IBM Tivoli Storage Flashcopy Manager

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Storage Flashcopy Manager IBM Tivoli Storage Manager FOR Databases Data Protection FOR Microsoft SQL Server IBM Tivoli Storage Manager FOR Mail Data Protection FOR Microsoft Exchange Server

Timeline

PublishedAug 23

Latest updateMay 17

Description

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/tivoli_storage_flashcopy_manager4.1.0, 4.1.2+1

▶NVDibm/tivoli_storage_manager7.1, 7.2+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-83v9-f9px-r53f: IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7↗2022-05-17

▶

CVEList

CVE-2015-4949: IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7↗2015-08-23

▶

💬Community

Bugzilla

CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.9↗2016-04-25

▶